Cyber security alert: bogus Griffith library emails


There has recently been a spate of fake library system notices sent to Griffith University staff and students which attempt to steal your username and password and potentially other personal information.

While there are a few variations of the email, most have the Subject: ‘Library Notifications’ and have a falsified From: address of ‘libraries@griffith.edu.au’.

The body of the email contains a claim that your library account access will expire soon due to ‘security precautions established to protect the University Libraries System’. It will tell you that you need to ‘renew your library account on a regular basis’ and to click on the given link.

Clicking on the link takes you to a malicious website, crafted to look exactly like Griffith’s Single Sign-On (SSO) Login page. This site is able to steal any username and passwords entered.

If you believe that you may have entered your login details on the fake login page, please change your Griffith password immediately.

Here are some tips on spotting bogus emails:

  • Does the address of the sender seem real?  Quite often phishing emails have a real looking name but the email address itself is a free email service rather than a Griffith address.
  • Is the email full of errors? While we all make the occasional spelling and grammatical errors, bogus emails tend to have a lot of errors in only a few sentences.
  • Does the email demand you click on a link and login to something immediately, otherwise you’ll lose access? They’re deliberately worded to make you curious or worried so you click on the link without thinking twice.
  • Is the email from a completely unexpected source? If you’ve not entered a lottery or competition, you cannot have won.

Please forward any suspicious emails to the Information Security team.